Stalled at the intersection of dev ops and security v2

Most enterprises are very concerned about the security of the software they are developing, but how can they secure their software without slowing down their velocity, or, put another way, how can they move past being stalled at the intersection of DevOps and security? With this in mind, we explore the qualities of a security scanning tool that is "plug-and-play" with a modern DevOps shop.

  1. Matthew Barker, Technical Director, Sonatype. STALLED AT THE INTERSECTION OF DEVOPS AND SECURITY
  2. WHAT WE HAVE!
  3. WHAT WE REALLY NEED!
  4. WHY ARE WE STALLED: SOFTWARE DEVELOPMENT MOVES FASTER THAN SECURITY. Explosive use of components; Agile and DevOps; enterprise-scale use of complex frameworks.
  5. WE TAKE SECURITY SERIOUSLY!
  6. WHY ARE WE STALLED: ARE WE SERIOUS ABOUT SECURITY? Card skimmers (9%); insider misuse (8%); crimeware (4%); DoS attacks (1%). See the problem?
  7. ARE WE SECURING OUR SOFTWARE SUPPLY CHAIN?
  8. COST OF ASSESSING VULNERABILITIES LATE IN SLC
  9. SOME RECENT APPLICATION ATTACKS
  10. HOW DO WE MOVE TO THE DEVOPS-SECURITY ACCELERATED INTERSECTION? WHAT IS NEEDED: fast and continuous; accurate; integrates into modern DevOps tools; scalable; policy driven; manages the supply chain; prioritizes vulnerabilities.
  11. A CONTINUOUS APPROACH. Stages: component selection (from public repositories), development, build and deploy, production. Precisely identify components and risks; remediate early in development; automate policy across the SLC; manage risk across the entire portfolio; continuously monitor for new risks.
  12. A Modern Security Scanning Architecture: modern component data service; command-line scanner with a return value; real-time policy check; email alerts; includes production monitoring; fast, up-to-date and accurate API; policy server with stored analysis.
  13. QUESTIONS? Matthew Barker, mbarker@sonatype.com, 505-239-4008
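As an added example (not code from the slides or from Sonatype), here is a minimal command-line scanner in the shape slides 11 and 12 describe: it looks resolved components up in a component data service, applies a policy that tightens from development to build to production, orders findings by severity, and signals the verdict through its exit code so a pipeline step can gate on it. The data service contents, policy thresholds, component names and vulnerability ids are constructed stand-ins.

```python
import sys
from dataclasses import dataclass

# Constructed stand-in for the component data service: component -> known issues.
COMPONENT_DATA = {
    "lib-a:1.2.0": [("VULN-A", 9.8)],  # (constructed vulnerability id, CVSS score)
    "lib-b:2.0.1": [("VULN-B", 5.3)],
    "lib-c:4.1.0": [],                 # known component with no known issues
}
# Policy: lowest CVSS that fails the stage; lower-scored issues only warn.
POLICY = {"development": 9.0, "build": 7.0, "production": 4.0}
EXIT_CLEAN, EXIT_WARN, EXIT_FAIL = 0, 1, 2

@dataclass
class Finding:
    component: str
    vuln_id: str
    cvss: float
    action: str  # "fail" or "warn"

def scan(components, stage, data=COMPONENT_DATA, policy=POLICY):
    """Return (exit_code, findings); findings are ordered highest CVSS first."""
    if stage not in policy:
        raise ValueError(f"unknown lifecycle stage: {stage}")
    threshold = policy[stage]
    findings = []
    for comp in components:
        if comp not in data:
            # Could not precisely identify the component: surface it, do not hide it.
            findings.append(Finding(comp, "UNIDENTIFIED", 0.0, "warn"))
            continue
        for vuln_id, cvss in data[comp]:
            action = "fail" if cvss >= threshold else "warn"
            findings.append(Finding(comp, vuln_id, cvss, action))
    findings.sort(key=lambda f: f.cvss, reverse=True)  # prioritize the worst first
    if any(f.action == "fail" for f in findings):
        return EXIT_FAIL, findings
    return (EXIT_WARN if findings else EXIT_CLEAN), findings

def main(argv):
    """Usage: scanner.py <stage> <component> [<component> ...]"""
    if len(argv) < 3:
        return EXIT_FAIL
    code, findings = scan(argv[2:], argv[1])
    for f in findings:
        print(f"{f.action.upper():4} {f.cvss:4.1f} {f.component} {f.vuln_id}")
    return code

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A CI job runs it as `python scanner.py build $(cat resolved-components.txt)` and fails the stage on a non-zero exit code.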
